tags: enterprise_appNETdeserialization original link: Veeam Backup & Response - RCE With Auth, But Mostly Without Auth (CVE-2024-40711) newsletter link: exploits.club Weekly Newsletter 38 - Linux Races, Blind Memory Corruption, LLM Java Fuzzing, and More
Exploits Club Summary:
Watchtowr and enterprise software go together like white-on-rice. This week, they took a stab at a recently reported critical vuln in Veeam Backup and Response, CVE-2024-40711. The post starts with a patch diff, where they identify that a well-known deserialization gadget has been added to the blacklist. From there, itâs off to the races with an overview of Veeamâs .NET remoting internals, a deepâŠdeep dive into the interesting code paths, and finally, some .NET deserialization goodies. The post finishes with an overview of the silent authentication patch the team implemented, making the advisory slightly confusing. And while you are on Watchtowrâs blog, you should also take a look at the post they put out yesterday about becoming admins of .mobi.